[nginx] HTTP/2: flushing of the SSL buffer in transition to the idle state.

[Maxim Dounin]

details:   http://hg.nginx.org/nginx/rev/85c3740b6745
branches:  stable-1.10
changeset: 6765:85c3740b6745
user:  Valentin Bartenev 
date:  Tue Jul 19 20:34:17 2016 +0300
description:
HTTP/2: flushing of the SSL buffer in transition to the idle state.

It fixes potential connection leak if some unsent data was left in the SSL
buffer.  Particularly, that could happen when a client canceled the stream
after the HEADERS frame has already been created.  In this case no other
frames might be produced and the HEADERS frame alone didn't flush the buffer.

diffstat:

 src/http/v2/ngx_http_v2.c |  20 ++--
 1 files changed, 18 insertions(+), 2 deletions(-)

diffs (37 lines):

diff --git a/src/http/v2/ngx_http_v2.c b/src/http/v2/ngx_http_v2.c
--- a/src/http/v2/ngx_http_v2.c
+++ b/src/http/v2/ngx_http_v2.c
@@ -599,7 +599,8 @@ error:
 static void
 ngx_http_v2_handle_connection(ngx_http_v2_connection_t *h2c)
 {
-ngx_connection_t  *c;
+ngx_int_trc;
+ngx_connection_t*c;
 ngx_http_v2_srv_conf_t  *h2scf;
 
 if (h2c->last_out || h2c->processing) {
@@ -614,7 +615,22 @@ ngx_http_v2_handle_connection(ngx_http_v
 }
 
 if (c->buffered) {
-return;
+h2c->blocked = 1;
+
+rc = ngx_http_v2_send_output_queue(h2c);
+
+h2c->blocked = 0;
+
+if (rc == NGX_ERROR) {
+ngx_http_close_connection(c);
+return;
+}
+
+if (rc == NGX_AGAIN) {
+return;
+}
+
+/* rc == NGX_OK */
 }
 
 h2scf = ngx_http_get_module_srv_conf(h2c->http_connection->conf_ctx,

___
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

[nginx] HTTP/2: flushing of the SSL buffer in transition to the idle state.

[Valentin Bartenev]

details:   http://hg.nginx.org/nginx/rev/72282dd5884e
branches:  
changeset: 6642:72282dd5884e
user:  Valentin Bartenev 
date:  Tue Jul 19 20:34:17 2016 +0300
description:
HTTP/2: flushing of the SSL buffer in transition to the idle state.

It fixes potential connection leak if some unsent data was left in the SSL
buffer.  Particularly, that could happen when a client canceled the stream
after the HEADERS frame has already been created.  In this case no other
frames might be produced and the HEADERS frame alone didn't flush the buffer.

diffstat:

 src/http/v2/ngx_http_v2.c |  20 ++--
 1 files changed, 18 insertions(+), 2 deletions(-)

diffs (37 lines):

diff -r b5d1c17181ca -r 72282dd5884e src/http/v2/ngx_http_v2.c
--- a/src/http/v2/ngx_http_v2.c Tue Jul 19 20:34:02 2016 +0300
+++ b/src/http/v2/ngx_http_v2.c Tue Jul 19 20:34:17 2016 +0300
@@ -599,7 +599,8 @@ error:
 static void
 ngx_http_v2_handle_connection(ngx_http_v2_connection_t *h2c)
 {
-ngx_connection_t  *c;
+ngx_int_trc;
+ngx_connection_t*c;
 ngx_http_v2_srv_conf_t  *h2scf;
 
 if (h2c->last_out || h2c->processing) {
@@ -614,7 +615,22 @@ ngx_http_v2_handle_connection(ngx_http_v
 }
 
 if (c->buffered) {
-return;
+h2c->blocked = 1;
+
+rc = ngx_http_v2_send_output_queue(h2c);
+
+h2c->blocked = 0;
+
+if (rc == NGX_ERROR) {
+ngx_http_close_connection(c);
+return;
+}
+
+if (rc == NGX_AGAIN) {
+return;
+}
+
+/* rc == NGX_OK */
 }
 
 h2scf = ngx_http_get_module_srv_conf(h2c->http_connection->conf_ctx,

___
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel